Cross-Site Scripting Vulnerability in Chatra Live Chat Product by Chatra
CVE-2025-24735

5.9 MEDIUM

What is CVE-2025-24735?

A vulnerability allowing for stored cross-site scripting (XSS) has been identified in the Chatra Live Chat + ChatBot + Cart Saver product. This issue results from improper handling of user input, which can enable attackers to inject malicious scripts that execute in the context of users' browsers. This vulnerability affects all versions up to 1.0.11, posing a risk to the integrity of user sessions and data in the affected product. Users are advised to apply patches and security measures to mitigate potential attacks.

Affected Version(s)

Chatra Live Chat + ChatBot + Cart Saver <= 1.0.11

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

haudayroi - BlueRock (Patchstack Alliance)